Computer Support Forum

persistent malware undetected by virus scans and malware removal tools

Question: persistent malware undetected by virus scans and malware removal tools

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\Program Files\LENOVO\HOTKEY\FNF5SVC.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\AVG\AVG9\avgam.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\AVG\AVG9\avgemc.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Lenovo\HOTKEY\TpWAudAp.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exeC:\QUICKENW\QWDLLS.EXEC:\Program Files\Pando Networks\Media Booster\PMB.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\internet explorer\iexplore.exeC:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\90FWCGMU\HijackThis[1].exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dllO2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dllO3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeO4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exeO4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exeO4 - HKLM\..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resumeO4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWO4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarpO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXEO4 - Global Startup: caclsAllowAndDelete.exeO4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXEO8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htmO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cabO16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_5.0.23.0.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cabO16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s...el_4.1.66.0.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dllO20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exeO23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeO23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exeO23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exeO23 - Service: Intel? PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exeO23 - Service: getPlus? Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: Intel? PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel? PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Relevance 100%
Preferred Solution: persistent malware undetected by virus scans and malware removal tools

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OTL from this link.Save it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this in:netsvcsmsconfigdrivers32 /all%systemroot%\system32\*.dll /lockedfiles%systemroot%\system32\*.sys /90%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %SYSTEMDRIVE%\*.*%systemroot%\system32\Spool\prtprocs\w32x86\*.dll%systemroot%\*. /mp /s/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sysnvstor32ahcix86s.sysnvrd32.sysuser32.dllws2_32.dll/md5stop%systemroot%\*. /mp /sHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUCREATERESTOREPOINTClick the Quick Scan button.The scan should take a few minutes.Please copy and paste both logs in your reply.We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:Why we request you disable CD Emulation when receiving Malware Removal AdviceThen create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:How to create a GMER logIn your reply, please post both OTL logs and the GMER log.

2 more replies
Relevance 80.62%

When I try to run a scan from usind AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbage about if you recently installed sortware/hardware,see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgrade to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to " System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Ariva to scan it, Ariva says no files also but if I use AntiSpyware to scan, it shows many files during it's scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Relevance 102.09%

Hey there, Recently it seems my computer has been running a lot slower than usual, i had the same problem about a month back and decided to just do a system restore, wiped everything and started over. Things were fine up untill a few days ago where my computer was showing the same symptoms as before, Windows explorer would constantly crash and programmes such as Google Chrome or WoW were incredibly slow, others simply wouldnt evern load, all this followed by eratic CPU behaviour where it would jump from 0% to 90-100% I looked around on the internet for solutions and at first thought i had a Trojan masquerading as explorer.exe though after trying to look for it, i found nothing.I hav done scans and nothing has come up and as of yesterday i no longer have Norton 360 as some of the things ive heard about it are not so good, after deletion my computer seems to be running a little smoother though im still not certain the problem has been resoled, any advice or assistance will be greatly appreciated. HijackThis log is below, as is system spec. Thanks.

Spec: Intel(r) Core(TM) Duo CPU E6750 @2.66GHz 2.67GHz
4.00G RAM
32Bit OS
NVIDIA GeForce 9600 GSO
500G HDD
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:12, on 28/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender... Read more

More replies
Relevance 98.4%

Hello

I've followed all instructions in "Read & Run Me First". I have the following results downloading and attempting to run the suggested tools for Windows XP operating system:

SUPERAntiSpyware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You many not have appropriate permission to access item. (note - I am setup as administrator).

Malwarebytes Anti-Malware: downloaded bu unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You many not have appropriate permission to access item. (note - I am setup as administrator).

combofix.exe: downloaded and ran, but did not complete. No log created. When attempting to run, I got a far as the blue screen C:\ ComboFix is preparing to run. I sat in that condition for 2.5 hours. I finally closed out.

RootRepeal: downloaded and ran. It was basically a flash on the screen. Log generated but empty. See attached.

MGTools: downloaded and ran. Log attached.

My problem started 1 week ago when my Antivirus Program (F-Secure) stopped auto-updating the Antivirus and Malware components. I uninstalled and attempted to re-install (per F-secure's support) and was unable to install completely. I suspect the virus is preventing the install. I am currently do NOT have any Antiv... Read more

Answer:Virus Unable to Run Malware Removal Tools

Java(TM) 6 Update 26 <--- uninstall outdated Java.



Download and run Win32kDiag per the below instructions:

Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
C:\win32kdiag.exe -f -r




Now we need to scan the system with this special tool.

Please download Junction.zip and save it to your root folder (C:\Junction.zip)
Unzip it and put junction.exe in the root folder (C:\junction.exe)
Now click Start => Run... => Copy and paste the following command in the run box and click OK:
cmd /c junction -s c:\ >C:\log.txt

A command prompt window opens and also a license agreement from SysInternals will appear.
Accept the license agreement and the scan will begin.
Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes). (How to attach items to your post)
NOTE: It scans your whole hard disk so if can take a long time. Be patient and don't do anything else while it is scanning.



Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

... Read more

8 more replies
Relevance 98.4%

Hi,
I have a problem where I cannot run any virus or malware removal tools. I have tried them in safe mode and I have tried renaming them. I am able to load them and update them and I can start them momentarily. Then they stop and I can not restart them. I get an error that they are not available or that I do not have permission. I have tried to run online scans and they also fail to load. I also have a problem with iexplorer and firefox being hijacked and loading various web sites I am not intending on going to. Not bad sites just not the ones I am trying to get to. Let me know what you want me to try. I work on computers daily and have not run into anything like this. Thanks in advance for you help.
 

Answer:Cannot load any virus or malware removal tools

I am able to run MGtools.exe and I have attached the log.
 

29 more replies
Relevance 97.58%

So I had a virus that I thought I had gotten rid of a month ago, but it seems to have returned last night while I was asleep. It now freezes or shuts down anytime I start the computer normally, so I have to start it in Safe Mode to get anything running. It won't let me install Malwarebytes or SUPERspyware removal or anything like that. Ad-aware removed a few things but when I rebooted I couldnt start my computer normally. I have McAfree, but I can no longer start it. Most removal programs I try to install don't work. And when I start a firefox browser, even in safe mode, it tells me "The procedure entry point [email protected]@Z could not be located in the dynamic link library msvcrt.dll." So here is my HijackThis log from Safe Mode:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:21:53 PM, on 5/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wbem\unsecapp.exeC:\WINDOWS... Read more

Answer:Virus that prevents malware removal tools (malwarebytes, etc.)

Sorry, here is my dds file

3 more replies
Relevance 97.58%

My computer experienced Police Pro and/or Antivirus 2010 which disabled AVG 8.5 along with Malwarebytes, Norman Malware remover, spy doctor and Hijack This ... I have manually removed all registry items and files that I could locate and the computer does not show any sign of the virus while in safe mode, however it still will not run AVG scans or any other malware removal tools, so my assumption is that there is something still running that I am not seeing.

I tried to run RootRepeal, but it crashes if I request Files to be scanned. I then ran Win32kDiag and it appears to have run below is the log. Any help in getting AVG and a Malware removal tool running would be greatly appreciated!!!!!
Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...

Found mount point : C:\WINNT\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB956390\KB956390

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\&... Read more

Answer:Anti-virus and malware removal tools disabled

Hello vjc,Please refrain from making any changes to your system (updating, installing, removing, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -r into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

55 more replies
Relevance 97.58%

i cant even get Hijack this to work as soon as i run it it disappears so i cant even post that here to show whats going on with my computer.. im using windows XP... i keep getting redirected when i try to search on yahoo or google... using mozilla firefox. ive also tried to run in safe mode but i keep getting a blue error screen and cant move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to workIf this works, go ahead and repost in the HJT forum. If not, post back hereRun this application and then immediately run your scanPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again

8 more replies
Relevance 97.58%

Malicious Code has become increasingly complex and infections involve more system elements than ever before. Sometimes, when your antivirus software is not able to remove virus from your computer, you may need to download and use these free specialized tools which are released by well-known security companies like Symantec, Eset, Kaspersky, etc. Malware & Virus Removal Tools
Here is a list of some Malware & Virus Removal Tools: Security Response Removal Tools - Symantec Corp. Stand-alone malware removal tools - ESET Knowledgebase Virus-fighting utilities Free Virus Removal Tools - Bitdefender How To - Remove threats - Removal Tools | F-Secure Avira AntiVir Removal Tool - Download How to Use Stinger | McAfee Free Tools
If you know of any other links, please do share here.

Answer:Free Standalone Malware & Virus Removal Tools

Hi Andy ! Emsisoft Emergency Kit: http://www.emsisoft.com/en/software/eek/

1 more replies
Relevance 97.58%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 95.53%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 95.53%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 94.3%

My computer got a nasty little bug on it.

I believe it was one of those fake antivirus trojans. I had one before and Malware Bytes took it right off, but it couldn't do it this time. The malware keeps reloading on the system regardless of what I use.

I've used PC Tools Spyware Doctor (which I paid for and it has done nothing of note); Spybot and MBAM. The program keeps redirecting my browser to google-redirect.com or something like that and giving me tons of ads.

This is the log that I got after the most recent MBAM attempt.

I've removed and rebooted, with this and spybot, but the result is the same each time.

Please help.

Thank you.

Malwarebytes' Anti-Malware 1.36
Database version: 2084
Windows 5.1.2600 Service Pack 3

5/6/2009 7:14:22 PM
mbam-log-2009-05-06 (19-14-22).txt

Scan type: Quick Scan
Objects scanned: 86122
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run�... Read more

Answer:persistent malware - ran MBAM, PC Tools, SpyBot, still there

i have the same issue please help. Except I only have Usernit

3 more replies
Relevance 93.89%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 93.89%

Hi all, 
 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...
 
 

More replies
Relevance 93.07%

I picked up a machine (XP pro, SP3) from a customer on 9/1 that had an infection that would allow you to start an anti-malware tool (I tried Autoruns first, then Malwarebytes, and Spybot S&D, along with a few other items) but the program would be killed while scanning. After it was killed, the infection would then block access to the EXE, preventing you from deleting it or overwriting it. Renaming the programs before running them did not help.SAV had been on the machine, which is what gave the customer her first warning. However, by the time I got there it had been disabled, though parts of it were still showing in the task manager.Extensive searching only found two people with similar problems and only a few hints on what to try to do.http://www.bleepingcomputer.com/forums/t/254129/cant-run-antimalware-mwaw-hjt-ddsscr-etc/ andhttp://samimikhail.blogspot.com/2009/08/vi...s-update-6.htmlMy usual procedure is to slave the hard drive in another machine and perform a virus-scan.When I did this, SAV Coprorate 8.1 found some items... Trojan.Fakealert!gen Infostealer Infostealer.Snifula.B Backdoor.HaxDoor.IMalwarebytes found "Backdoor.Sdbot"However, when I put the hard drive back, this did not resolve the fundamental issue of not being able to run the malware tools.The trick that finally worked for me (based on something I read somewhere...I must have spent 3 hours scouring posts from other people!) was to kill "explorer" via the task manager and then launch applicat... Read more

Answer:Anti-Malware tools being killed during scans

Please post the results of your MBAM scan for review.To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.Click the Logs Tab at the top.The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.Click on the log name to highlight it.Go to the bottom and click on Open.The log should automatically open in notepad as a text file.Go to Edit and choose Select all.Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.Come back to this thread, click Add Reply, then right-click and choose Paste.Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Logs are saved to the following locations:-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

4 more replies
Relevance 91.43%

Yesterday, I had troubles with Windows live messenger where it (still) says:

"Windows Live Communications Platform has encountered a problem and needs to close. We are sorry for the inconvenience. "

although, the problem isnt about MSN. I found out that this problem was caused by having Malware on your computer. Hence, i decided to run a scan using Malwarebytes Anti-Malware (MBAM).

I noticed that my Avast was disabled and if i try enable it, it comes up with a window saying: the operation could not be completed.

My google searches also SOMETIMES get redirected to links that is clearly out of topic.
like if i google search the terms "malware wikipedia" and i click on the wikipedia link but i get redirected to some Myspace/Anz credit card crap.

Then this happened.
MBAM CRASHED after 2 mins of scanning -> tried to re-run MBAM but a window came up saying:
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
I ran several other programs such as:
HJT -> scanned for 2 mins, then crashed (no logs were made)
SUPERAntiSpyware (SAS) -> scanned for 2 mins, then crashed
and same goes for any other programs that searched for any malware.
The only program that worked was TROJANHUNTER and came up with a couple of false positives
I also tried using Avira's Rescue CD (the one where you boot up with it and it does a scan)
A scan using Avira was also successful but failed to... Read more

Answer:Malware/Anti-virus tools wont run due to a rootkit/trojan/malware

i am having the exact same problem!
i have no clue what to do, any help would be amazing!

2 more replies
Relevance 90.2%

I am running WinXP Pro, and I recently got a windows alert warning me of a spyware infection. Trusting Microsoft (fool), I followed instructions and I now have Winavxx.exe in my system32 folder.

I have tried AVG antispyware, CyberDefender, and Spyware Doctor.

The first two recognise it as a malware downloader, but can't deal with it, and it won't allow Spyware Doctor to open.

It has removed control Panel, disabled AVG antivirus, and my Keywallet form filler, and everything it DOES allow happens in geological time.

I can't afford expensive software, and a format C would cost me years of work.

Can anyone help. please.

Don T
 

Answer:Persistent Malware-Removal?

12 more replies
Relevance 89.79%

My computer has begun to run EXTREMELY slow. It takes almost half an hour to download 9mb. I normally use Google Chrome to browse the web but lately the plug-ins mainly Shockwave have been crashing. I also receive a lot of pop-ups that say google chrome has stopped responding. This also happens when I use Internet Explorer and when I use some of the programs on my computer including my antivirus. I have noticed a lot of DLLs now running on my system and some duplicate processes as well. However, I am not very computer saavy so Im not sure if that means anything or not. I have run MBAM & Vipre both have come back clean. DDS logs are pasted & attached. I am operating on Windows 7 64 bit so could not run GMER.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by SNPG2 at 8:46:06 on 2011-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2456 [GMT -5:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted... Read more

More replies
Relevance 88.97%

Here are my scan logs. I'm not sure what, if any, problems I still have but I wanted to have them looked over just to be sure. I could not run RootRepeal so I do not have a scan log from it. I got a message saying virtual memory was too low and that it would be increased, however it didn't help and my computer eventually froze and I had to reboot it. Thanks for your help!
 

Answer:Malware Removal Scans

Hi and welcome. I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

Kestrel13!
 

6 more replies
Relevance 88.97%

Hi,

Recently i received an email from head of my IT department which contained an attachment called "CIS Advices on Self-Protection.pptx". Turns out the header was false and it want actually from my IT department. Anyway i clicked on the attachment, then reported it after i realized what i had done.

I then performed all of the procedural steps outlined in the read me first post.
Attached are my logs. nothing appeared as a threat in any of the scans and my main antivirus program didnt detect anything.

thanks in advance to anyone who looks into this
 

Answer:malware removal scans

What malware issues are you having ?
 

6 more replies
Relevance 88.56%

Two new malware removal tools by PC Tools just appeared on Softpedia today.
PC Tools Threat Removal Tool 2012

Fight back against malware.
PC Tools Threat Removal Tool is a handy and reliable utility designed to scan your computer for threats and remove them.

This Threat Removal Tool is designed to fight malicious code that has been known to prevent PC Tools' antivirus software from being installed. It performs a quick system scan in order to identify and neutralize the most common malware families that block, prevent, or terminate PC Tools' security software installers.

To ensure that the malware is completely eliminated, PC Tools Threat Removal Tool deletes the infected files and the registry values added by malware.

Requirements:

Administrative rights
If you are running Windows Me/XP, turn off System Restore.

Download
PC Tools ISO Burner 2012 1.0

Get the ability to access and delete persistent malware.
Safely remove malware from your computer with PC Tools ISO Burner. This is an advanced bootable antivirus tool that provides users with the ability to access and delete persistent malware.

When malware infects a computer, it gains control of many components that are key to the system's operations, making it very difficult to remove. Malware can use some of these system components to hide itself and prevent other software from detecting and removing it.

If you can't install or run a security application in the first place, then how a... Read more

Answer:PC Tools Releases New Malware Removal Tools

Ok what files are in the zip when you download it?
All I get is pcttFixTool.dll, no exe???
 

7 more replies
Relevance 87.74%

Hello,

I've been getting virus popups on my browsers lately, I tried using the malware removal guide this site has. But the "virus" still wasn't detected no matter what I did.

I also used: Windows Defender quick scan, BitDefender 2017 Full System Scan, Malwarebytes threat scan and full system scan (scanned all drives), RogueKiller (detected some PUMs and removed it but the popups were still there), Junkware Removal tool, all of the tools listed How to easily clean an infected computer (Malware Removal Guide) here (including Zemana Anti-malware), used MalwareBytes anti-rootkit tool even. Some of these scans were done in safe mode w/ networking aswell.

But the popup would still appear, it appears on my Internet Explorer and Steam Browser which don't have adblock on them, it doesn't seem to appear on Chrome though (as I have AdBlock installed on them, might explain why). I still feel unsafe with the popups so I'd love to get it removed if it's possible.

I don't know if this is important but I also saw a suspicious looking program/service in task manager called "7-zip standalone console" while I do NOT use 7-zip at all, when google'd I found Have a PUP that poses as a 7-zip standalone console in control manager. - Am I infected? What do I do? on the first results, so I have been feeling really paranoid about all of this lately.

I'd really appreciate any help I could get with this, thank you for taking your time... Read more

More replies
Relevance 87.74%

I've heard that some malware can be crypted to become fully undetectable (FUD) by an anti-virus, but then again nothing can truly be fully undetectable if you do a little digging and use various second opinion scanners. Anyway how does one detect this? Eventually the malware will become detected after a few days to weeks, but don't advanced crypters automatically update? It's scary to think about but i saw some crypters being advertised as 0 detections for months. Being the security paranoid person i am, i want to know if i am still infected, i got a virus around a month ago and I've been reading thread upon thread on the best security tools to add to my system.

Answer:Can Malware Go Fully Undetected By An Anti-Virus?

Yes, if you're dealing with zero-day malware it's unlikely the anti-virus is going to detect anything. It takes time for new malware to be reported, samples collected, analyzed, and tested by anti-virus/anti-malware researchers before they can add a new threat to database definitions.That's one reason to use second opinion scanners. Another is that an anti-virus program alone does not provide comprehensive protection and cannot prevent, detect and remove all threats at any given time. Anti-virus software is inherently reactive...meaning it usually finds malware after a computer has been infected. Anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Essentially, they look for and remove different types of malicious threats.In simplistic terms, Anti-virus programs use massive databases with different scanning engines and detection methods to scan for infectious malware which includes viruses, worms, Trojans, rootkis and bots.Anti-malware programs use smaller databases and generally tend to focus more on adware, spyware, unwanted toolbars, browser hijackers, potentially unwanted programs and potentially unsafe applications.Anti-virus and Anti-malware solutions with anti-exploitation features protect against zero-day malware, drive-by downloads, exploits and Exploit Kits.

0 more replies
Relevance 87.74%

Alright, so a little setup. I have a hp pavilion that runs windows 7 and mcafee running as protection (what a waste of money that proved to be). I don't download anything illegal. My computer normally runs smoothly and fast.

Now some shady things started happening all at once, but i'm not sure if they're related to what's going on now.

First, my google search bar got hijacked- sometimes I'd search something, and when i clicked on a response, it took me to different websites instead. Mcafee said it found something and removed it. I left it alone.

Then i started getting run dll errors. Then stuff hit the fan and my screen got crowded with fake virus warning signs and av guard somehow downloaded itself onto my computer.

I ran malaware bytes and it found a staggering 10,000 infected items. it removed a lot of stuff (seemingly av guard amonf them), and i no longer saw av guard but my computer remained clearly infected.

I can't open up firefox or google chrome (but internet explorer continues to work for some reason). When I tried to run mcafee scans and firewall automatically gets turned off. My computers running slower than it did just a day ago before this all started. I also tried system restore, which is always futile, and was futile again here.

Now here's the frustrating part: I have run malaware bites, panda cloud, mcafee, and avast (preboot scan and regular scan). All of them detect absolutely nothing. not a single infected file. But there's clearly something ... Read more

Answer:Puzzling virus goes undetected in malware scanners

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 87.33%

Title is self-explanatory, there's this adware that keeps loading up every time I open my browser and it shows ads in places it shouldn't be. No matter which antivirus programs I use or which guides, the behavior is still the same and I've ran out of ideas here. Hope you guys could help.

I attach in this post my FRST log as I know it's a requirement for this Malware Removal Guidance.

Thanks in advance.
 

Answer:Persistent Adware after using the Malware Removal Guide for Windows

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

23 more replies
Relevance 87.33%

Hello
I read the Read and Run Me First and followed the correct link to the Windows XP Malware Removal page and I think I have all the logs required which I will attach here. Firstly, thank you for such a well written and elaborate set of instructions.

Now, to the problem. I had this problem 2-3 days back and basically a virus seem to have struck my external HDD. Its capacity is 1 TB and now the name is all scrambled and is made up of strange characters. Also the contents of the HDD have been converted to these strange files and folders with scrambled character names. I am posting screenshots of all these pages to show you exactly what I mean.

I would really appreciate if you could help me with not only removing the malware/virus that has struck the HDD but also preferably recovering most if not all the data.

Thank you,
Sohum-Bilawal
 

Answer:Malware Removal - Initial Scans completed

And here are the screenshots I told you about in the last post.

"H virus1.jpg" is a screenshot of the name of the corrupt drive and "H vius2.jpg" is a screenshot of the now damaged contents of the said external HDD - which is a Seagate GoFlex 1TB External HDD, the kind which needs an external power supply : http://www.seagate.com/external-hard-drives/desktop-hard-drives/goflex-desk/

Hope this helps.

Thank you,
Sohum-Bilawal
 

8 more replies
Relevance 86.92%

Hi, I think my computer is hijacked by a Vundo or some rootkit. All processes are slooooow, pages take forever to load on IE, all Google searches are redirected to various other sites, Google chrome opens but will not load any pages and just stays blank. I've run Malware Bites and Spybot S&D, but they found nothing. I don't know what to do at this point. I don't really have the money to take my machine to have it looked at. Can you help me?

More replies
Relevance 86.1%

Cheers,

Any ideas or guidance will be much appreciated!

Am not opposed to a manual CMOS battery reset, but saving that as my last resort

Thank you kindly!
 

More replies
Relevance 85.69%

Hi Guys,

Thanks for a great website, and many good tools you have put together.

I have a problem getting rid of what I think is Spyware on my wife's laptop.

She is currently unable to do Google searches properly, and all results seem to end in being re-directed to a 'Coupon Mountain' website, we can browse to some websites manually, but all those of the major malware removal companies (including yours) just result in the standard IE website unavailable error message.

I have tried downloading all the tools in your READ AND RUN ME FIRST section to a CD, and then copying them to the laptop to run, unfortunately none of them install (even if I change the names.)

I'm getting to the point where I'm considering a repair install, but would like to know if there's anything else I can do to get things fixed without such drastic action.

TIA

Neil
 

Answer:Can't Run Malware Removal Tools.

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid addtional delay in gettin... Read more

1 more replies
Relevance 85.69%

Hi Geeks,
I'm pretty sure I have a malware issue on my PC. I can't access any security websites, like malwarebytes.org and more. In fact, I am surprised I can access the Geeks website! I can download removal tools, but they won't run and I've tried quite a few.. I can't boot into safe mode -The dreaded Windows blue screen error message comes up-"Windows has detected a problem and needs to shut down". I followed your "Read me first" and did everything I could, including remove the old Java versions. When I tried to install Java again, it said the program is not digitally signed and shut down. This has happened a few times with other installs as well. My browsers shut down frequently on their own as well. Ihave a recent hijack this log, but not sure whether to attach it or not, as it was mentioned it may be filtered as spam. Anyway, hope you can suggest something. Thanks!
Bobby
 

Answer:malware won't let me run any removal tools and more

If you can't boot into safe mode and normal mode will not allow you to run any of the scans, there isn't much we can do to help you. Have you tried running all the requested scans? Have you tried renaming them as per the Read and Run First instructions? Will MGTools.exe not run?

You can try using a different computer to create this disc and then boot to it with the infected machine. ( You will need to first go into the bios and change the boot up order to make the cd drive the first boot device.)

Kaspersky Rescue Disk.
 

11 more replies
Relevance 85.69%

Hello all,

This is my second go-round through your instructions. The first in 04/2009 was successful. Presently, I cannot get any recommended tools to run --even if I rename an exe. I cannot locate the exe for Malwarebytes; I get an "exception unknown software exception (0xc0000409) occurred in application at location 0x77f7c60b" error message when attempting to open SuperAntiSpyWare. I attempted both in system mode and normal mode. (I have run them successfully in the past.) I see the Security Tool shortcut on my desktop and I bet its the culprit.

I am attaching two logs below. Your help is very appreciated.
Dawna G.
 

Answer:Malware removal tools won't run

Welcome to Major Geeks!

You MGlogs.zip file is not as useful as we need for two main reasons:

You don't have the current version. You are 7 months out of date.
You ran it in safe boot mode and normal boot mode is the preferred method.
Is all of the software you have that far out of date?

I will give you something to try below but the malware may have additional things hiding that we cannot see with this outdated version of MGtools.



Uninstall the below old versions of Java:
Java(TM) 6 Update 13

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\_lib.dll
O4 - HKLM\..\Run: [tijidekel] Rundll32.exe "c:\windows\system32\jetebemi.dll",a
O4 - HKUS\S-1-5-19\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\jisasiti.dll C:\WINDOWS\system32\gitoribo.dll c:\windows\system32\juduwuho.dll c:\windows\system32\jetebemi.dll,mapopabe.dll
O21 ... Read more

7 more replies
Relevance 85.69%

I am trying to follow clean up procedures, http://forums.majorgeeks.com/showthread.php?t=35407 and have 2 questions;
1. when I run Microsoft Windows Malicious Software removal tool, does it clean/fix automatically or do I have to click on something? I tried to go to the help section and I get "page cannot be displayed".
2. when I run Spybot Search & Destroy, I click immunize but i don't see S&D helper.

ty
 

Answer:Using malware removal tools

1. Just run teh tool there is nothig else you have to do.

2. When you Immunize; Spybot is making changes to the Registry.
 

3 more replies
Relevance 85.69%

I have aToshiba M105 laptop. I have CCleaner and Avast Home installed. I ran Avast - no issues, ran CC and Registry cleaner. I have something on this that when I do a google search will look like legitimate results but when I click on a link will send me somewhere else, usually redirect me to an ad or the info.com.I also can not access certain websites -MajorGeeks being one of them or any of the sites that contain the malware removal tools listed in the MJ procedures. Si I tried to access MJ from another computer and save the tools to a usb stick then transfer to the infected computer. Worked OK until I tried to run the various apps. SAS I get "encountered error needs to close" Spybot - "connection w/sever could not be established" Malwarebytes just wouldn't install. Don't know what to do now ---HELP!!!!!
 

Answer:Can not run MALware removal tools

For MBAM, just run it without updating.

Have you tried running the other scans in safe mode?

The Read and Run First instructions have links to manual updates for both SAS and MBAM.

Did you run the MGTools.exe? Were there any issues with that? Can you attach the C:\MGLogs.zip?
 

3 more replies
Relevance 85.69%

Hello All,
I have tried all possible tools
SpySweeper,Kaspersky,Spypot,Spyware Doctor,Adaware
SuperAntiSpyware,MalwareBytes,CCleaner,RogueRemover

I think its the virtumonde...The thing is I have a couple of registry entries pointing to Dlls that do not exist but even if i remove them they keep coming back.I have tried booting into safe mode and deleting them but it does not help.I am posting my HijackThis log.I have disabled system restore as well

I keep getting random Ad-Websites and messages that my computer has been affected.

I have highlighted the susicious registry entries.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:00 PM, on 03-Dec-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system3... Read more

More replies
Relevance 85.69%

I ran through as much of the readme as I could, but only MGtools worked. Please look at the attached logs and advise me on what to do next. Thanks.
 

Answer:Can't run malware removal tools

Welcome to Major Geeks!

Your log shows that you were in safe boot mode. You should be in normal boot mode unless that is not possible and you did not say you could not boot in normal mode.

A few of your Windows system files (ndis.sys and beep.sys) are infected and will need to be replaced by clean copies. It will be much easier to do this once we can get ComboFix to work. So let's start with the below fix and see if we can get other tools to run afterwards.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=userinit.exe
O4 - Startup: zqosys32.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)

After clicking Fix, exit HJT.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"Click to expand...

Make sure that you tell me if you receive a success message abou... Read more

1 more replies
Relevance 85.28%

my computer got infected with some malware so I did all the steps on READ AND RUN ME FIRST post to remove them and after doing all the scans my computer was fine. However, my Microsoft Outlook wont open it is trying to down load then it says "Error 1402 Setup cannot open the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet.....verify that you have sufficient permissions to access the registry....". Why is this happening did I delete something I shouldn't have. Can you please help me with this. thx.
 

Answer:Cant open Microsoft Outlook after doing READ AND RUN ME 1ST for malware removal scans

Re: Cant open Microsoft Outlook after doing READ AND RUN ME 1ST for malware removal s

We cannot help you if you do not attach all of the requested logs from running the READ & RUN ME.

However it does not sound like a malware problem. You should start looking at the below:

http://support.microsoft.com/kb/838687

http://support.microsoft.com/kb/236427
 

1 more replies
Relevance 84.87%

I am getting an error "unable to connect to the proxy server" while opening chrome, firefox or IE.
 
I have unchecked the proxy setting and it still reverts back when I try to open a browser.
 
I am pasting the results from the mini tool box. below -
 
I also ran  ADW Cleaner , TDSSkiller and malwarebytes.
 
 
 
 
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by jints1234 (administrator) on 02-02-2015 at 23:43:08
Running from "D:\adware"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# -----... Read more

Answer:tried several malware removal tools and still cant connect

Sorry, not at home, report's too long to read -- what firewall, anti-virus, anti-malware are you using?  One thing I can recommend is you "sneaker-net" [via usb stsick or CD/DVD] Tweaking.com's Windows Repair (All in One), install & run it.  Accept defaults checkmarks, add #26 & 27 [if memory serves me], ones that indicate normalizing Windows operations.

2 more replies
Relevance 84.87%

Hello Geek Saviors

Am trying to run the Malware Removal Tools for my Acer 2012 Laptop, Windows 7, IE 11, AVG antivirus, Comodo Firewall. Have downloaded the Tools to desktop and followed the Win 7 malware removal directions. Have following problems despite lowering Internet security settings, trying with Comodo Firewall disabled (also Comodo in safe mode) with all tools software entered as safe applications, running in Windows Normal Ops:
1 - Defogger, after clicking DISABLE and YES get immediate red X message "Unable to Create Log"
2 - RogueKiller, right click "run as admin", depending on Comodo settings noted above variably got Alert Triangle "Software is Not Available" or once setup opened and started abruptly disappeared with message "Download Manager has stopped working. A problem caused the program to stop working correctly. Windows will Close and notify you if a solution is available". Tried renaming to "RK.exe" with same result.
3 - Malwarebytes - tried after RogueKiller failure, right click "run as admin", and got exact same response as for RogueKiller.

Did not try other tools. Any idea what I can do to get tools to run? Have not tried computer Safe Mode - would this help?
Thanks for any suggestions and guidance.
 

Answer:Malware Removal Tools not Opening

Yes, you can try safe mode, but be sure to first disable your AV software.
 

6 more replies
Relevance 84.87%

Help! My daughters laptop seems to be infected with browser hijacker I can't get rid of it. I can't download windows updates and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools. Super anti spyware was installed and wouldnt work, have tried to install windows malicious software removal tool via USB but it won't install or run, have also tried to install spybot via USB but it wont install, error message when it try's to connect to download some of installation files I think. Any advice you guys can offer would be very gratefully recieved, many thanks
 

Answer:Can't install malware removal tools

Welcome to Major Geeks!





TomPo said:





and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools.Click to expand...

Has a proxy server been inserted in the browser? See the below:

Proxy Server - Changing Settings



TomPo said:





Super anti spyware was installed and wouldnt work,Click to expand...

You need to be more specific. Exactly what happens.





TomPo said:





have tried to install windows malicious software removal tool via USB but it won't install or run,Click to expand...

Exactly what happens? Any error messages.

Have you tried to install and run tools in safe boot mode as suggested in our cleaning procedures?





TomPo said:





have also tried to install spybot via USBClick to expand...

Waste of time anyway as it is ineffective against most of todays malware.


Also try the below to see if you can get anywhere.


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from y... Read more

12 more replies
Relevance 84.87%

When I go to download ie:  RKILL or malwarebytes they do not download.  I am running firefox.  I have tried explorer.  I have an HP windows XP. 

Answer:cannot download any malware removal tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518053 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 84.87%

My Windows 7 x64 machine is presenting Antivirus 360 malware. I am looking for tools that will work with Windows 7. I tried combofix and some others but I am finding out they are not made for Windows 7. Please help. I am not even sure what to use to collect logs to submit here.

--M


Submitted DDS log in log submit forum but I would still like suggestions on Windows 7 compatible removal tools.

More replies
Relevance 84.87%

Running windows xp media edition on e machine. Will not run any spyware programs. Will not run HJT. Found BRAVIAX.EXE in sys 32. Ran killbox to delete. Could not delete braviax sys32.exe. Had killbox replace file with dummy file then marked read only to stop the red x
trying to sell me its programs. Tried to down load several other spyware removal programs. Get message Access Denied no matter what.
Browser has been taken over by redirect program. HELP! WARNING I am NOT computer literate.

Answer:Nasty Malware. Can't run any removal tools.

Hello fxstc1340 and to BleepingComputer.WARNING I am NOT computer literate.Not a problem. If you don't understand something, feel free to ask questions and I'll explain it better. The same holds true for any helper you work with here.Now. . . let's see what we're looking at here.Please install RootRepealNote: Vista users ,, right click on desktop icon and select "Run as Administrator."Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorDisconnect from the Internet or physically unplug your Internet cable connection.Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection.After starting the scan, do not use the computer until the scan has completed.When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.Extract RootRepeal.exe from the zip archive.Open on your desktop.Click the "Drivers" tab, and then click the button.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the... Read more

6 more replies
Relevance 84.87%

I can't download anything at all and I suspect it is a malware issue. And yes, I've tried removing firewalls, anti-virus, pop-up blocker, etc...
If i try to download something on firefox i get this message: "C:\Documents and Settings\HP_Administrator\Desktop\XXXXXXX could not be saved, because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location."

If I try to download something on IE i get this: "The requested site is either unavailable or can not be found.Please try again later "

Some symptoms that might be unrelated, I tried running a disk check, but it stops at step 2/3, and an old malware that i deleted left autorun, but i got rid of that as well.

I would download malwarebytes or something to try and get rid of the problem, but i can't :\
 

Answer:Can't even download malware removal tools

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

3 more replies
Relevance 84.87%

can anyone tell me if there ar any bootable malware removal programs other than avg

thanks in advance

ray

Answer:bootable malware removal tools

Here are a couple:http://www.free-av.com/en/products/12/avir...cue_system.htmlhttp://www.freedrweb.com/livecd/

2 more replies
Relevance 83.64%

Hello,

I've been trying to rid myself of this one for some time. Using a combination of Malwarebytes and Sophos I've tried hard, and was able to remove it for several days, at which point it came back with a vengence. I did this DDS scan as soon as I realized it had come back, without taking any additional removal steps. Something is being left behind...

Malwarebytes finds the following: Trojan.Zlob.H, Trojan.Agent, Trojan.Vundo, Malware.Trace, Trojan.Downloader, Virus.Virut, Hijack.Regedit, Hijack.FolderOptions

I've also tried vundofix, which wasn't helpful. I've tried turning off system restore, booting into safe mode, and running all removal software. Nothing has been able to completely rid me of this.

Thanks in advance for your help, it is very much appreciated.

Below is the DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Trevor Hodges at 21:41:00.20 on Mon 05/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13

============== Running Processes ===============
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://esupport.sony.com/EN/info/vaioupd/noupdates.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keywo... Read more

Answer:Malware / Virus, Very persistent!

Hello northwest_trail,I've tried turning off system restorePlease turn system restore on. Do NOT start your fix by disabling System Restore. This rule applies to any manual fixes and is especially true for spyware removal. That is because disabling System Restore wipes out all restore points. Should a problem arise during the fix you would have NO good working configuration to go back to get the computer up and running. Even if you have to start over removing infections, this is preferable to a dead PC thanks to having System Restore turned off. Clean the restore folder and set a new point AFTER the PC is clean and all programs are working properly. Are you a Java programer? Do you use Java DB or the Java Developemnt Kit in your work?If not, then uninstall these:Java DB 10.4.1.3Java™ SE Development Kit 6 Update 12Uninstall these old versions of Java, as they are malware magnets.J2SE Runtime Environment 5.0 Update 10J2SE Runtime Environment 5.0 Update 11J2SE Runtime Environment 5.0 Update 7J2SE Runtime Environment 5.0 Update 9Java™ 6 Update 2Java™ SE Runtime Environment 6 Update 1Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document. Please post the Malwarebytes log so I can see what is is finding.

2 more replies
Relevance 83.64%

System is an IBM thinkpad P4 running XP Pro SP3.
Initially I thought fixing it would simply be the removal of "Security Essentials 2011". I removed it, cleaned up the hosts file, and then tried running Malware Bytes, SDS, SAS, and even AdAware. MS Security essentials gives an access denied error 0x80070005 and will not start.

I know, run HijackThis and post the log. Well, when i go to fire it up, it begins the scan and then just closes without any error message.

So the weird thing is that when I go into the folder of the tool that won't run, the program file is there, but has lost its icon and is read only in some odd state that I cannot delete or change the permission of. I am logged in as Administrator, but do not have access to these files.

Any help out there??? I am trying NOT to format this machine.

Answer:The most persistent virus/malware I have seen

I should also mention that I have even tried scanning this hard drive attached to another machine. It found a few files, but my infection remained.

2 more replies
Relevance 83.64%

Hi there,Can someone have a quick review of this hijackthis log and see if there is anything obvious? My pc is randomly openning IE and Firefox windows and runs very very slowly. I have avast installed as well as zone alarm and ad-aware. Have tried running malware bytes, spybot, ad-aware etc and although they find some things, the issue is still present.thanks in advanceSteveScan saved at 11:34:10 PM, on 8/5/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\PC Tools Firewall Plus\FirewallGUI.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exeC:\WINDOWS\system32\... Read more

Answer:Persistent Virus / Malware help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Relevance 83.64%

I need help please, I have been battling a virus/malware problem for 2 weeks. I've used MalwareBytes, IOBit Security 360, Spybot and they all find lots of issues each time I run. I've also got McAfee running but even though I try to clean everything using these tools I find that once I strat browsing again strange things happen - the browser closes unexpectedly, or it spawns multiple instances of IE, or I get intermittent ads possing up. When I run the cleaners again they find lots of nasty stuff. I'm using XP SP3, IE8 and everything is incredibly slow.

All help / ideas much appreciated
Thanks
 

Answer:Persistent malware / virus

16 more replies
Relevance 83.23%

I'm having difficulty figuring out this persistent malware. I think it's likely that there are multiple issues.

I'm running Windows Vista.

The malware started off with "google redirect" symptoms, and disabling my Symantec software

Shortly following, I could no longer access the web. However, the malware itself would create an internet explorer popup every 5-10 minutes (not my default browser) that would go to "search sites" (none that I recognized....) and search for lewd topics. Running the taskmanager would show multiple instances of iexplore.exe running on my machine (one for each popup). The popups would have to be eliminated one by one using the task manager.

Trying to run a system restore, I discovered all restore points had been deleted.

I installed AVG antivirus and got it to run once which seemed to help the problem. However, upon restart, all issues were back and I could no longer run avg. Windows defender constantly pops up that a new trojan is attacking my machine.

At this point, I unplugged my internet connection and started using another machine. I had left my problematic computer alone for about a month.

Upon turning it on last night, each time I logged on, it gave me a warning that "Windows had encountered a critical error and will restart in one minute" and would restart. I tried running cmd (in that one minute) to intercept it, but the task manager would freeze if I tried to run it from there and explorer wo... Read more

More replies
Relevance 82.82%

Hey I am just really interested in PC security and repair and I was just wondering if you guys had any good resources for my own personal research. If you could tell what you would want to look for when examining these files created by the programs listed below and even what the purpose is for these programs that would be very helpful in helping me understand the process better. I got this from your malware removal procedure forum. Very insightful by the way

? BitDefender
? PandaActiveScan.
? GetRunKey
? ShowNew

Thanks
 

Answer:Examing logs created by malware removal tools

Your best resource is the thousands of posts in this forum.

BitDefender and Panda are rather self explanatory in most case however you still need to know the difference between valid detections and false detections and that comes with significant experience over a period of time.

We don't have time to really explain GetRunKey and ShowNew to you. In short GetRunKey shows lots of registry keys (not necessarily bad) and potentially bad files associated with certain infections. ShowNew dumps out important areas of the file system that may be used by malware. ShowNew also prints and uninstall program list so you can see if any malware is installed. You need to have a good understanding of ALL Windows OS's, the file systems, and the registry to understand what they are being used for. Also you need to again be able to distinguish between what is valid and what is not valid and that also comes with significant experience.

Reading the threads and reading the logs and seeing what is fixed and not fixed will teach you a lot.
 

1 more replies
Relevance 82.82%

all info stated above I think. Appreciate your help.
 

Answer:Removing Edeals (multiple malware removal tools used)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 82.82%

Hi..

When i try to run the spyware removal tools, nothing comes .. I think my system is deeply affected by spywares. I renamed mbam.exe to mb.exe and ran. Still it didn't run. so please tell me to run these anti spywares. PLease help !!
I am attatching the Mlogs.zip which i got when i ran MGtools :cry


http://citycricketers.wordpress.com The IPL Team
 

Answer:Cannot run malware antibytes or super antispyware like removal tools

Welcome to MajorGeeks!

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip... Read more

1 more replies
Relevance 82.82%

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer users life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another... Read more

Answer:Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Bump to reset order.

1 more replies
Relevance 82.82%

Hi, apologies If I have not done this correctly.... First post.

I am unable to run Combofix in Safe Mode or Unsafe, Spybot and Malwarebytes, I can click the .exe shortcuts but nothing happens. I realised I had a problem when my google started redirecting to other sites then just crashing or going to blank screens. See my scan below, and attached unfortunatley unable to run any other screeners etc as I cant get them to startup.

Not sure how complex this problem is but it would allowme to login or register to your site on the problem pc, when I clicked agree to terms it came up you didn't agree etc. Then when I registered on the other comp I still could'nt and can't login on the problem pc....

Thanks in advance for any support
Kevin
DDS (Ver_09-02-01.01) - NTFSx86
Run by kev at 16:52:41.02 on 22/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.536 [GMT 0:00]
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EX... Read more

Answer:Unable to Run any Malware removal tools Combofix Spybot etc

My Combofix log after running, I got this running after changing the name.

ComboFix 09-02-21.01 - kev 2009-02-23 22:15:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.701 [GMT 0:00]
Running from: c:\documents and settings\kev\Desktop\ComboFix1.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_006126_.tmp.dll
c:\windows\system32\_006127_.tmp.dll
c:\windows\system32\_006128_.tmp.dll
c:\windows\system32\_006129_.tmp.dll
c:\windows\system32\_006135_.tmp.dll
c:\windows\system32\_006136_.tmp.dll
c:\windows\system32\_006137_.tmp.dll
c:\windows\system32\_006138_.tmp.dll
c:\windows\system32\_006139_.tmp.dll
c:\windows\system32\_006141_.tmp.dll
c:\windows\system32\_006142_.tmp.dll
c:\windows\system32\_006145_.tmp.dll
c:\windows\system32\_006146_.tmp.dll
c:\windows\system32\_006148_.tmp.dll
c:\windows\system32\_006149_.tmp.dll
c:\windows\system32\_006150_.tmp.dll
c:\windows\system32\_006152_.tmp.dll
c:\windows\system32\_006155_.tmp.dll
c:\windows\system32\_006156_.tmp.dll
c:\windows\system32\_006160_.tmp.dll
c:\windows\system32\_006161_.tmp.dll
c:\windows\system32\_006163_.tmp.dll
c:\windows\system32\_006166_.tmp.dll
c:\windows\system32\_006168_.tmp.dll
c:\windows\system32\_006169_.tmp.dll
c:\windows\system32\_006170_.tmp.dll
c:\windows\system32... Read more

3 more replies
Relevance 82.82%

Hey Guys,
 
I Follow the 

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to avoid CryptoLocker attack my computer which are these 
 
Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe Security Level: DisallowedDescription: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exePath if using Windows Vista/7/8: %LocalAppData%\*.exeSecurity Level: DisallowedDescription: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%

Path: %AppData%\*\*.exe Security Level: DisallowedDescription: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*\*.exePath if using Windows Vista/7/8: %LocalAppData%\*\*.exeSecurity Level: DisallowedDescription: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exePath if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: DisallowedDescription: Block executables run from archive atta... Read more

Answer:Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "thightness" of the settings.https://www.foolishit.com/vb6-projects/cryptoprevent/This tool was created following Lawrence Abram's instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
Relevance 82.82%

I've followed the Prep Guide but have been unable to get DDS to run despite repeated attempts. I've also tried to run Root Repeal several times without success. I then downloaded RSIT. Here's the log file:
"Logfile of random's system information tool 1.06 (written by random/random)
Run by GREG GOODFELLOW at 2010-01-04 15:32:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1015 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\... Read more

Answer:Infection Preventing Malware Removal Tools from Running

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

15 more replies
Relevance 82.82%

I have attempted to run the following programs:MalwarebytesNorton Power EraserMcAfee StingerI am able to install them and get them up and running. They run for 30 seconds or so then the programs get killed. When I try to restart the programs, I get the following message: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.This problem occurs whether I run Windows XP Home SP3 as a regular user, or as an administrator in Safe Mode.

Answer:Malware Removal and AV Tools get killed when attempting to scan

Hello,This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.FixNCR.reginsert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes'... Read more

1 more replies
Relevance 82.82%

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer users life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another... Read more

Answer:Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Bump to reset order.

1 more replies
Relevance 82.82%

Hi everyone

Thanks for all the work you all do here. It's a great service to users everywhere.

I'm having a hard time removing various malware that were downloaded by a trojan or virus. This is extremely frustrating -- I think its all gone and bam, restart and its all back again. My gut tells me its Virut, but let's see what you guys think.

A couple notes: I've already done ComboFix to get rid of the Google Redirect virus. Installed Spybot to protect hosts file. I've run MBAM, AVG, Spybot, and HJT a ton of times. I just can't get it out! Most recently, two programs have showed up: System Security and Malware something. MBAM tries to remove them but they're still here. My wallpaper keeps getting changed to some black background with a huge warning on it.

Thanks for the help!!!

*edit: I'm thinking about just reformatting/hp-restoring the computer. Any thoughts on saving this computer before I do so?

Here's HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:30 AM, on 6/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
... Read more

Answer:Persistent Virus/Malware/Trojan

Just did a MBAM scan in Safe Mode (this is the most recent scan). Here's the log below.

Malwarebytes' Anti-Malware 1.37
Database version: 2225
Windows 5.1.2600 Service Pack 2

6/15/2009 11:47:00 AM
mbam-log-2009-06-15 (11-47-00).txt

Scan type: Quick Scan
Objects scanned: 77147
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast!Antivirus (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18296714 (Rogue.Multiple.H) -> Quarantined and... Read more

3 more replies
Relevance 82.82%

There's something fishy going on with my computer-the "shut down" button is gone from the "Start" menu and the task manager has been disabled.  After doing all the steps listed in the Malware Removal Post by evilfantasy, the task manager is now available, but the "shut down" button is still missing from the "Start" menu.  Attached are the logs from SUPER Antispy, Malwarebytes' Anti-Malware, and HJT.  Thanks for everything, please advise if I need to do anything else!!  [attachment deleted by admin]

Answer:Virus/Malware Scans

You have Viewpoint installed.Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".More information: ViewMgr.exe - UselessViewpoint To Track Browsing, Serve AdsViewpoint to Plunge Into AdwareIt is suggested to remove the program now.Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present. Viewpoint Viewpoint Manager Viewpoint Media Player Viewpoint Toolbar Viewpoint Experience Technology.----------Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.Download SDFix by AndyManchesta and save it to your desktop.When using this tool, you must use the Administrator's account or an account with Administrative rightsNow, double-click on the SDFix icon that should now be residing on your      desktop. If a Open File - Security Warning box opens, click      on the Run button.A window will now open showing SDFix being extracted into the C:\SDFix folder.      Once the installation program has finished extracting SDFix, it will open      a Notepad with further instructions.DO NOT use it just yet.Reboot your computer in Safe ... Read more

1 more replies
Relevance 82.82%

Hey Everyone

I am looking for a little direction. I am helping out a friend who was complaining that when he used IE 7 he had problems going to the sites after doing a search. I.e he would search on google see the hits and when he would click on the links it would take him to another site.

I ran Vundofix with no results. I have since tried SpyBot, Combofix, SuperAntiSpyWare, and Malwarebytes and none of them will run. Spybot and MalwareBytes install but will not come up. Combofix and Super will not even install.

The only things I can run are CCleaner and Windows Live Oncenter which did remove some trojans.

Any ideas on what to do? I have tried it in safe mode and have turned off the firewall just to make sure.

Thanks this has been very frustrating.

P
 

Answer:Can't run any malware/virus scans on PC

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. ... Read more

1 more replies
Relevance 82%

I have 2 problems, the malware(Guard Online) and the google redirect problem so I look at the steps in "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". I followed the steps until I got to step 8. I have a problem with thePart of Step 8 that says "Please double-click on the gmer.exe program. Once you double-click the icon a Windows security warning may appear asking if you are sure you would like to run the program. If this warning appears, please click on the Run button to allow GMER to start. If no warning appeared then you should just continue with the guide". When I click gmer.exe, an error pops up and says "Windows cannot access the specified device,path,or file. You may not have the appropiate permissions to access the item.". This error pops up when I try to use malwarebytes and SuperAntiSpyware as well. What do I do?

Answer:Problem with---> Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hello,Forget about GMER for now and please post the DDS logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

6 more replies
Relevance 82%

Hello. I was visiting a few websites and all of a sudden my computer blue screened and started doing a "file dump" it then reset itself.

I tried to go on and fix it, but it wouldn't let me access any antivirus/spyware/malware downloads. Norton, mcafee, spydoctor, malwarebytes anti malware.

I started getting popups stating "this site is unsafe download this.." it was a windows/microsoft grey box message. It seemed legit, but I did not actually download it. I cancelled. I got it every few websites I went to. Mostly from the antivirus sites.

I restored my computer to factory settings (didn't need anything on it).

I have since been able to run several virus scans and download several malware softwares. I have malwarebytes anti malware, norton, and spydoctor. They all have run and found nothing.

I just want to make sure I have gotten rid of everything.

I downloaded hijackthis and this is the log it just returned.

I don't know what to do with all this, but it has been suggested I find a help forum for some advice.. Anything anyone can tell me is much appreciated. Thanks in advance.

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:26 PM, on 8/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.... Read more

More replies
Relevance 82%

Still having problems accessing files and folders on C drive; no access or access denied to open or view Docs and Settings folders, App Data, etc. Access is even denied to my user Documents\MyMusic, MyPictures, and MyVideo files.

Read and followed instructions in the Read & Run Me First removal guide. Downloaded SuperAntiSpyware, Malwarebytes, ComboFix, and MGTools.

Looked for log from SAS but couldn't find anything saved anywhere. If I right-click on the .exe saved to my desktop, properties show it as "SAS.exe.exe" Is that normal??

Also, I noticed after running Malwarebytes or Combofix (I don't remember which-sorry), a new folder was created - "C:\$RECYCLE.BIN" which, of course, is locked.

A little more history here: I knew I had this trojan a couple of months ago and, without reading up on anything, thought I could do a system recovery from a recovery disk I had. Unfortunately, that didn't work, and I ended up with a black screen that kept saying, "No operating system installed". A friend took my laptop and said he "wiped it down as deep as he could go", then installed Windows 7 (I previously ran Vista). Got the laptop back recently and found out the trojan is still here, living large in the background on my laptop.

So, I am assuming the logs will show a pretty bare bones system here, and that's why.

I've attachd the logs I can find.... HOWEVER, when I try to attach MGTools.zip fi... Read more

Answer:Ran all suggested malware removal tools and ZeroAccess trojan still installed.

ZeroAccess trojan still present after all removal tools used

I've had this trojan on my laptop for almost 4 months. Before doing any research, i tried to do a system recovery from a disc I had made last year, but ended up with a black screen telling me that "no operating system installed". Gave my laptop to a friend to "fix". He "wiped the hard drive down as deep as poosible", installed Windows 7 (I previously had Vista), and gave it back to me. I assumed he knew the extent of this trojan, but obviously he didn't. I have a 64-bit operating system, running Windows 7. Everything else was installed or re-installed by my friend after he "wiped the hard drive".

I read the Read & Run me guide, installed and ran all the tools, etc. Here's the issues:

I am denied access to common doc files, my start menu folder, my templates folder, etc. I have two program files, one of which has "(86x)" behind it; after running the removal tools, i found a new folder on my hard drive: "$RECYCLE.BIN" which of course, is locked. When I right-click on the SAS.exe file on my desktop, the properties show this: "SAS.exe.exe", same with "mb.exe.exe" (is this normal??).

There is nothing in the SAS folder on the C drive, but SAS didn't show anything anyway; I've attached the combofix log; inside the MGLogs.zip file is another folder called "Qoobox" along with the text ... Read more

4 more replies
Relevance 82%

Hi,

My son's Laptop has a nasty redirect virus that also prevents the execution of malware removal programs and also prevents the logging tool from working. The icons for both Malwarebytes and the dds tool have a colored "shield" that is imposed on top. Any help would be greatly appreciated. OS is Vista Home edition.
Appreciatively,

A

Answer:Malware with redirect prevents removal tools and logs from executing

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 82%

My problem sounds similar to other threads,  mostly like this one:  http://www.computerhope.com/forum/index.php/topic,76406.0.html " But it seems as if nobody was sucessfull with removing this beast yet. My issue all started with WINLOGON asking my firewall for web access, which I let go through because Google adviced if the file is in the system32  folder it should be fine. Since then IE pops up sites by random;  forced reboots occured and  Windows keeps saying "Appl. cannot be executed, the file is infected, please activate your antivirus software". The virus pretends as if itself was a malware removal tool. It claimed that NetSky32 took over the system and wanted the user to donwload security tools (a fake regestry defender window poped open). SuperAntiSpy cannot see anything, Malwarebytes is far better, but still not succesfull . The virus kind of panics as I donwloaded MalWareBytes and after the first scan the virus deleted the Malwarebytes executable. At one point of time it seemed as if I would be fine (the regedit and taskmanager were usable again,  the Virus-warning desktop background was gone, but: I could never boot into a savemode to perform a full system scan and completely get rid of this. When trying to boot in save mode I still get a blue screen of death. Part of the virus is residing in C:\Windows\temp. The files seem to be rewritten at each boot time: gnserv.dat, spserv.dat, fla6.tmp,  Perflib_prefdata_44c.da... Read more

Answer:Malware in C-Windows-temp and maybe in the MBR. All common removal tools failed

Hello. Welcome to CH!  Are you able to boot to Windows?These two files: C:\WINDOWS\system32\serauth1.dll and C:\WINDOWS\system32\serauth2.dll -- will continually be restored while their backup is in place. These are not necessarily bad.If you are able to boot, please do the following:Please open Notepad and enter in the following:[email protected] offecho DMJ Find > findSUBawf.txtecho. >> findSUBawf.txtif exist "%SystemRoot%\System32\clauth1.dll" echo Found clauth1.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\clauth2.dll" echo Found clauth2.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\lsprst7.dll" echo Found lsprst7.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\nsprs.dll" echo Found nsprs.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\serauth1.dll" echo Found serauth1.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\serauth2.dll" echo Found serauth2.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\servdat.slm" echo Found servdat.slm >> findSUBawf.txtif exist "%SystemRoot%\System32\ssprs.dll" echo Found ssprs.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\sysprs7.dll" echo Found sysprs7.dll >> findSUBawf.txtif exist "%system%\bak" echo AWF-POSSIBLE >> findSUBawf.txtecho. >> findSUBawf.txtecho EOF >> findSUBawf.txtStart findSUBawf.txtexitThen, click File > ... Read more

14 more replies
Relevance 82%

Hello and Thanks in advance. I ran all tools to get a chance to ask someone how to repair the registry in my windows 7 64 bit system. It's new but has crashed multiple times. I was tired of restoring to factory settings.

It seems that someone with physical access during the 3 months I've owned it has changed settings so they can receive reports from this computer. Help!
 

Answer:Registry repair after running all suggested malware removal tools.

eMachines EL1352G-41w, AMD Anthon IIx2 220 Processor 2.8 GHz, 2.00 GB (1.75 usable), 64-bit operating system, Windows 7 Home Premium Service Pack 1, ZyXEL EQ-660R-F1 ADSL Router on single phone line 1.5 max (out in the sticks), No wireless connections, HP OfficeJet 5610v All-in-One (won't print), NVIDIA nForce 10/100/1000 Ethernet, worked fine till I left town. Have restored to factory 5 times. Some registry files are missing, and I don't have permission to change them. Files from Malware scans attached.

Hope this is all correct. Poke me in the eye if not! ~G
 

4 more replies
Relevance 82%

Hi,

I recently noticed symptoms of a malware/virus infection. Some .exe files stopped working (e.g. Spotify and Malwarebytes) and their icons disappeared for no reason. I tried to install antivirus software such as Malwarebytes but failed as I got errors during installation. I now have issues installing and uninstalling some software (especially antivirus software). I did a bit of research and followed some instructions from various sources and it seems that the process that may be causing these symptoms is RuntimeBroker.exe. I tried to end the process but several instances of the same process are running at once, and they seem to be restarting every time I end the process. Could anyone please help me resolve this issue? I have attached some scan logs to this post and I hope they'll be of use.

Thanks in advance!
 

Answer:Persistent Virus/Malware (SysWOW64 and RuntimeBroker.exe)

Nevermind, I ran HitmanPro again and it seems like RuntimeBroker.exe is no longer running. I ran RKill and there were no issues at all. I also seem to be able to install and uninstall software again.
 

1 more replies
Relevance 82%

What are the best scans I can preform to make sure my computer is virus/malaware free?Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum.~ Animal

Answer:Best free virus/malware scans?

Just like with anti-virus programs...there is no universal "one size fits all" solution that works for everyone and there is no single best anti-malware solution to supplement your existing security protection. You may need to experiment and find the most suitable combination for your needs.
Please see: Supplementing your Anti-Virus Program with Anti-Malware Tools
 
List of Free Scan & Disinfection Tools which can be used to supplement your anti-virus and anti-spyware or get a second opinion:
Malwarebytes Anti-Malware
SUPERAntiSypware Free
Kaspersky Virus Removal Tool
Sophos Virus Removal Tool
ESET Rogue Applications (ERA) Remover - How do I use the ESET Rogue Application Remover (ERAR)
Panda Cloud Cleaner - How to disinfect computer with Panda Cloud Cleaner
Dr.Web CureIt
Hitman Pro
HitmanPro.Kickstart
SecureAPlus Freemium <- comes with a one-year free user license
MicroWorld eScan AntiVirus Toolkit (MWAV)
Microsoft Safety Scanner
Norman Malware Cleaner
Windows Defender Offline
McAfee Labs Stinger Tool
Trend Micro Fake Antivirus (FakeAV) Removal Tool
Trend Micro System Cleaner
VIPRE Rescue
Note: Many of these tools are stand-alone applications contained within zipped files...meaning they require no installation so after extraction, they can be copied to and run from usb drives.
You can always supplement your anti-virus or get a second opinion by performing an Online Virus Scan. ESET is one of the more effective online scanners.Not so Free malware scanning/removal ... Read more

1 more replies
Relevance 82%

...should you always be in safe mode?
...how about an online scan...possible to do so in safe-mode and go online?
thanks...
 

Answer:when doing scans for virus' and spyware, malware, etc..

answered my own question...safe mode + networking = yes.

 

1 more replies
Relevance 82%

New to this but anyway, I have successfully removed stuff and junk from the old box but this one has me stumped. I have scanned with Malwarebytes, Spybot, Adware and Avast and nothing is recognizing that I have something going on. Hit a site yesterday that wanted to "scan" my computer. Avast caught it right way but when I hit "Abort Connection" it started to do it's little trick anyway, defeating my Avast and disabling the resident Scanner. Before writing down any info (like a rookie) I panicked and Xed out of Firefox. This morning when I went to take it out of Stand By it was froze. So I reluctantly rebooted and went strait to the Scanners above. All four of them said "No Prob" "0" infected files.

Still can execute in Safe Mode but the system completely freezes up after about 2 min of use in normal mode causing me to reboot. So what the hell do I do now. Hopefully you say, "Back up all your stuff and Buy another computer "

I run my own business and don't have a lot of time to mess with this and if it's going to cost $100+ to send it in, then I may as well just spend the few extra $100 to get a new tower. I know that is a little dramatic but as you can see I'm a little worried.

"Give me, give me. I need, I need" Bill Murray, What about Bob

Thanks

Bob

Answer:virus/malware not showing up on scans

It ended up being my registry. I downloaded "Free Windows Registry Repair" and it did the trick. I also went to Window Safety Check and did a scan

1 more replies
Relevance 82%

Hello,

Thank you in advance for your help. My name is Chris. I am attempting to fix and clean my friends computer, however it is giving me some problems. The hijack, dds, and attach logs are posted below. This is a 64bit system so I didn't do the other scan. And by the way, If all you want to view is the logs just scroll to the part where you see a row of smiley's and thumbs up. The Hijack log starts immediately after. You may see a log before the row of smileys but thats a malwarebytes log that I posted during the explanation of the steps I have taken so far. The first few paragraph's is me rambling on about what I've done so far, and you probably don't even need to know hence is why you ask people to copy the 3-4 logs in their postings, but it makes me feel better that I explained it lol.

I would consider myself to be above average when it comes to removing viruses, malware, etc..When I first got the laptop in my possession it booted right up and the first error message I got, after windows had already started, was something like this:

error: c:/users/jameson/appdata/local/easybits/hjpasmpe.dll missing entry: register change callback

I'm not sure if this has something to do with the virus or if my friend ran a spyware program that deleted a necessary registry file by accident. I first established a network connection which said I was connected to the Internet but could not access the web with any browser installed on the pc. I checked to s... Read more

Answer:FBI Virus / other malware - ALL SCANS POSTED

51 views but no replys must mean this laptop is all jacked up lol. Here is an update.....

I was finally able to download AVG 2013 Free and installed the complete protection trial for 30 days to make sure it would catch everything possible. I ran the scan overnight and this morning I checked it and saw something I've never seen before. This pc has to be bad off ....

The AVG detected 40 something trogjans and multiple corrupted executable files which it says it fixed. However, it couldn't fix an infected rootkit that reads - Rootkit.TDSS.TDL4 (Master Boot Record) and it couldn't fix multiple anti-rootkits that read - IRP hook, \Driver\iaStor IRP_MJ_CLOSE-> 0xFFFFFA800529274C. The other ones like that all start the same but instead of where it says "CLOSE" in the one above the others say "SET_SECURITY" "SHUTDOWN" "SYSTEM_CONTROL" "WRITE"

I'm assuming this pc is infected with multiple viruses and has been for some time now. The guy who owned this pc lives on campus at a large university and he said many people used his computer for the last few years. I would like to post the log but I don't want to do anything right now with the AVG because I don't want to remove all the TROJANS it found for a good reason. (PLEASE READ THIS PART IF YOU ARE THE VOLUNTEER THAT IS GOING TO HELP ME.)

In the 40 something Trojans AVG found some of them seem like ok files associated with ok programs. One of the fil... Read more

2 more replies
Relevance 82%

Hey, I?m really stuck on a problem and I hope someone can help me.

A few days ago, my AVG Free informed me that a virus had been found, so I performed a full system scan. Unfortunately, the scan froze a few minutes after it began, and I had to terminate the program because it wasn?t responding. Then I ran Spybot and AdAware. AdAware ran for about 5 minutes, picking up 2 critical objects, and then also decided to freeze. With Spybot, the scan was ridiculously slow, but was still scanning at least. Then, after 5 hours, it too decided to freeze. I ran these programs again, thinking I could pause or stop the scan after an infection was found and try and remove it there and then, but I couldn?t, because it would just freeze as soon as I hit pause and/or stop. They don?t all freeze at the same point either, in case that matters (though both AVG, McAfee Stinger and McAfee Online froze at "activeskin.ocx").

Then I ran Trend Micro Housecall, Ewido, Panda, and a-squared online scanners. All these programs, after scanning through a few files, would freeze and become unresponsive. No error messages or anything. I downloaded the Ewido Anti-Spyware software, which did the same thing. There was definitely some sort of pattern emerging here.

I thought perhaps there were inconsistencies in my hard drive that were causing problems in the scan, so I ran chkdsk, which told me everything was fine.

Now before some of these programs froze, they picked up a few things. Trend Micro pi... Read more

Answer:Have Virus But All Malware Scans Freeze

Hi,with these problems i think your best bet is to submit a Hjt log to the forum and let one of the experts look over it and working together you can sort this out.If you need a link as to what to do.... click this....Preparation Guide if you scroll down this link it will tell you exactly what to do.Please remember..... once you submit a Hjt log...... please do not alter anything or try to change anything on your computer. (as this could well change your log)Good luck.

1 more replies
Relevance 81.18%

I want to run Combofix with expert help, but do not know how to Disable ESET Smart Security, malwarebytes,ccleaner,spybot S&D and Windows Installer Clean-up before running Combofix. I would rather not uninstall them all if possible, just disable. I didn't know Windows Install clean-up was on there until saw it listed in programs.

Thanks so much for any help.

Answer:How disable(not uninstall) antivirus/malware removal tools before running ComboFix?

I found out how to disable ESET, but not the others....Thanks in advance for help....

2 more replies
Relevance 81.18%

Hi, I have a persistent infection that can't even be rid with factory restore disks. Seems to dump data or give remote view. Using windows 8. Made a log for gmer but am having trouble uploading.
 
Logfile of random's system information tool 1.10 (written by random/random)
Run by Adam at 2014-12-04 16:18:53
Microsoft Windows 8
System drive C: has 359 GB (84%) free of 428 GB
Total RAM: 3962 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:18:59 PM, on 12/4/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17148)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\trend micro\Adam.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,S... Read more

Answer:Persistent (BIOS/Firmware?) Virus, spyware, malware.

here's a zip file of the gmer file unless you can't use that for security purposes or don't want me to do that first. I have been trying to post the gmer log file with no success, it times out and I get nowhere. I also may have had an application running, didn't close the comodo consul but did turn off active protection.

12 more replies
Relevance 81.18%

First of all thanks in advance for your response. You are all doing the Lord's work. I've been a lurker for a while and now it seems that I need to ask for help.

I keep getting alerts that pop up that say my computer is infected with:

PSW.x-Vir
[email protected]
[email protected]
spyware.cyberlog-x
[email protected]

On top of that the only way to get IE to go to the proper web page is to disable these add-ons with strange names that continue to show up. Plus, a Security Center toolbar has been installed on my IE which cannot be disabled.

This problem looks a lot like the one for ccdesperate . So I've gone ahead and run HJT along with SAS and Combo fix. Here are those logs.

Logfile of HijackThis v1.99.1
Scan saved at 5:56:21 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
... Read more

Answer:Solved: Malware and persistent virus alert window

16 more replies
Relevance 80.77%

Recently, my computer ran its automatic scan and froze about 30% through the McAfee scan. I've tried Malwarebytes and others as well, all of which freeze on the same file. It is a long string file in the sandbox folder and is allegedly a windows file (looked up online seems to verify this).

My computer has generally run fine despite the antivirus freeze, but I'm concerned that my computer may be infected. Java has ceased automatic updates and also, the CPU usage has been through the roof. Does anyone have any ideas?

Thanks,
SDRTR

Answer:Virus/Malware Scans freezing on same file

Hello,I will be helping you with your problemsSome points for you to keep in mind while I am helping you to make things go easier and faster for both of us Please do NOT run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send ... Read more

1 more replies
Relevance 80.77%

I noticed yesterday that my computer was running slow and a huge % of the processor was being used when nothing much was happening. When I tried running my audio program (cubase) the computer really struggled and the sound was breaking up. I closed the program and did a few searches to identify the problem. The first response was to do a virus/malware check, so I did, but my computer just started shutting down about 1/3 of the way through the check. It will start up again OK, but if I try another scan it closes down.
 
Firstly, I restored my system to point around 10 days ago when everything was running OK, but the scan problem still prevailed.
 
I then did a disk cleanup, and deleted temp files, temp internet files, program downloads, and the recycle bin. Problem was still there.
 
I then attempted a disk error check, however the computer shut down half way through this process as well.
 
I am really stuck as to what to try next. I have no idea if this is a hardware or software/virus issue. My computer will start up and run for a while, but then the Processor use gets very high again, and it's impossible to run most programs. It will then automatically power down.
 
Any help or advice would be much appreciated.
 
James
 
I have included some specs below:
 
Intel i3 processor
4GB RAM
1TB HDD C: 320GB with OS E: file storage
Windows 7 Ultimate
Avast Free Home antivirus
 
 

Answer:PC shutting down when running virus or malware scans

I then attempted a disk error check, however the computer shut down half way through this process as well.
Use this method, and if it fails
 Run a Disk Check on your C: drive in Windows Vista or Windws 7:
 •Click the Start ORB and select Computer
•Right-click on C:(or your main HDD letter) and select Properties
•Click on the Tools tab
•Under Error-checking click the Check Now... button and click Continue at the User Account Control prompt
•Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
•Click on the Start button
•When the message box pops up, click the Schedule disk check button and Restart your computer
•Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This will take (on average) 1 to 2 hours, so please let it finish.
Do not force a reboot while the check is running, as this may damage data -
 
Thank You -

18 more replies
Relevance 80.77%

May be a lost cause fellas... my main symptom is I'm getting Google redirects

DL'd Malwarebytes, wont run even after renaming
AVG wont scan
Mcaffe Stinger wont run
I think I'm hosed here nothing works in safe mode either.


The last time AVG ran succesfuly it found a few things and deleted them.. thats the last issue I had. I'm at work right now if someone can throw out some suggestions I'll try when I get home. Thanks in advance
 

Answer:Google redirects and cannot run virus/malware scans!

Guys, close this thread out.. I ended up having to do a fresh install of Windows as computer stopped booting up

Sorry to bug you looks pretty busy here LOL
 

2 more replies
Relevance 80.77%

I recently had an update notice from Microsoft. Once uodated I had IE8 . Before updateing I had run an MBAM scan due to a false anti-virus I think it was Anti-Virus PRO. I have the scan log if need to verify what was detected. I have tried to run MBAM & SAS in both normal & safe mode, recevied the error on the subject line for MBAM. SAS just says will report error & asks for my email. I can not stay on IE without encountering a problem and shutting down. Not even wmp stays on always encounters error & shuts down. Was able to run BitDefender Antivirus 2008 nothing detected.PC details:HP 873nXP Media Center Edition Ver. 2002 Service Pack 3Pentium 4 2.53GHz1.50GB RAMTask Manager shows 40 processes running have noticed multipule duplicate processesName User Countsvchost.exe System 4svchost.exe Network Service 2svchost.exe Local Service 2Here is the HJT logAny help is greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:09:54 PM, on 6/6/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\... Read more

Answer:Unknown virus can not run any Anti-Malware scans

Hello, plox3.My name is aommaster and I will be helping you with your log.If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.ThanksAlso, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.Download random's system information tool (RSIT) by random/random and save it to your desktop.Double click on RSIT.exe.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please include the following:RSIT Log

29 more replies
Relevance 80.77%

Hey there,

My computer is older than dirt, so I don't expect great performance from it. However, it is running much, much slower than it should. I am also now getting popups that read similar to "System alert! Stop! Windows REQUIRES IMMEDIATE ATTENTION. CRITICAL ERRORS. Go to www.fix64.com" I get these pop ups when I do not have IE open. (No, I am not using Mozilla because my computer doesn't seem to like it.) Because my computer is old and a new on is one the way, I do not intend to put any more money into this one for the high dollar spyware protection that you can buy at the store. I have to make do with the quick fixes that I can. I have run Asquared malware removal, and the most it found was some tracking cookies. AVG anti virus comes up with nothing. I ran a registry cleaner and got rid of some stuff, but none of it looked threatening.
Is it possible that a virus or malware is hiding somewhere that the scans can't see? I am afraid to shop online or do online banking for fear some other eyes are watching.
I am running WinXP on IE6 with a DSL connection.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:18:48 PM, on 9/8/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System3... Read more

Answer:Virus/Malware hiding from scans? Log included...HELP

16 more replies
Relevance 80.77%

Hi, I've been having some problems with my computer ever since I got some alerts from Norton internet security that intrusion attempts had been made.
 
For example when I go to the hotmail log in page in IE8 there is just a blank white screen, and youtube videos just show as a black box. Other web sites have similar problems. My broadband speed has also become very slow, at only 0.19 mbps when it should be at least 2 mbps (although this might not be related, could be a separate fault on the phone line). I have also noticed that software I've installed recently is not listed in the add/remove programs list in the control panel, so I can't uninstall it.
 
I have Norton internet security running with live update, I have Spywareblaster installed, and I have run scans with AdAware, Malwarebytes Anti-Malware, Super Antispyware, Windows Defender, and online virus scanners from Panda, trend micro housecall, ESET, Kaspersky and probably some others I've forgotten now!
 
None of the scans have found anything except some tracking cookies, so what can I do now? Should I do a Hijack this log or some other advanced stuff? Could someone guide me through what to do?
 
The computer is an old desktop with Intel pentium 4 3.06Ghz CPU, 512mb RAM and Windows XP with SP3. 
 
Thanks for your help 

Answer:Think I'm infected, but virus/malware scans not finding anything

Did you tried TDSSKiller?
 
 Running TDSSKiller to obtain log
 
Note: Don't cure or delete a threat, but choose skip for all instead.
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

In the Additional options: Check Detect TDLFS file system
Click Start Scan and allow the scan process to run

Choose for all threats to Skip for all of them.
Click Continue
Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

7 more replies
Relevance 80.77%

My Windows 8 computer has been infected with malware/adware. When I browse the internet there are ads displayed by edeals. I've followed many guides to removing it, but none have worked. I've scanned my pc with malwarebytes, adwcleaner, and junkware remover.
Here is the result of the scan with Adwcleaner: 
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Jed - JEDPC
# Running from : C:\Users\Jed\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:12289
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2109 bytes] - [24/05/2015 11:15:26]
AdwCleaner[R1].txt - ... Read more

More replies
Relevance 80.36%

google search is often hijacked when clicking on links. Happens on firefox or msie. The page is redirected through several other domains before taking me to a final destination remotely related to the original search term. Some of the sites seen in the middle are cs10275.com and ffinddirect.com, but there is no viable info on those online.

Neither spybot, avg or malwarebytes have removed the problem, and i see nothing odd in my hosts file or running processes.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:38 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WIN... Read more

Answer:google search hijack, can't find the prob in hosts or with malware removal tools

16 more replies
Relevance 79.95%

Hi, as the title state, i would like to request help as i feel i might have some kind of malware or virus recently because i noticed 2 changes :
* My PC is of course slower than usual (i didn't install any new programs and i still have sufficient space so those shouldn't be the problem)
* During gaming, my ping has weird spikes and is usually stable at a much higher value than the usual so i tried to check which device might be taking up bandwidth , even after blocking every single MAC address besides this PC i still had those ping spikes so i thought its most likely this PC itself which is running internet consuming programs.
Here are the logs and thanks in advance.
 

Answer:Not Sure If My Computer Has Some Virus Or Malware ( Did Scans And Logs Are Attached )

According to your RKlog, you have a keylogger on your system. Did you put it on?
 

11 more replies
Relevance 79.95%

I obviously have a deep infection. After numerous attempts at scans and fixes by numerous programs, still no luck. I have a thread going in one of the other forums here, and I was advised by one of the techs to move it to this forum for more in depth assistance. To save typing, I will post the link to that thread, so you can see my symptoms and everything that has been tried as well as log files. http://www.bleepingcomputer.com/forums/topic364026.html

I have also attached a copy of the DDS log here in this current post.
 DDS.txt   9.79KB
  0 downloads

I hope I've given you all the info you need to help. If not, I will do my best to get you what you need. Thank you for your help.

**NOTE** while typing this post, using the infected PC, I received the blue screen of death 5 times. Wasnt doing anything but typing this. And then each time I obviously had to reboot, as soon as it got to my desktop, the blue screen shut me down again. Each blue screen mentioned the ldqgakb.sys file. You will see the full technical info in my thread posting. I had to finally boot into safe mode just to be able to type this.

Answer:Malware or virus infection preventing scans or fixes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

3 more replies
Relevance 79.95%

Good morning, I have run multiple virus scans and malware scans both in regular and safe mode and they run clean each time now after they found a couple of trojan viruses two days ago. The issue is that I am noticing a huge amount of web traffic even when I am not running anything on my end. When I run TCPView it shows many "hits" of ip's from Russia and other countries as well. What can I do to delete or change whatever is causing this and is not found by the antivirus/malware programs?Any help would be greatly appreciated!Thanks in advance, TimeBanditgfile of Trend Micro HijackThis v2.0.2Scan saved at 8:31:56 AM, on 8/29/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device S... Read more

Answer:Hijack this file below: Virus scans and malware find nothing

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the sc... Read more

3 more replies
Relevance 79.95%

Ran all suggested scans:
Adaware
Spybot
CCcleaner
WindowsAntiSpyware
Trendonline scan
All in safe mode with system restore disabled and connection unplugged.
Found and fixed many problems and viruses.
Still getting popups!!!!!!!!!
Heres my hijack this log:
Any help appreciated!


Edit by bjgarrick: Unrequested, Inline HJT log removed!

 

Answer:ran all suggested malware, spyware, virus scans - Still getting popups!!

Please download Spy Sweeper
Click the link above to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:

Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.

 

11 more replies
Relevance 79.95%

i recently obtained a virus from idk where so i run avg many times but it cloeses half way through and the same with many other anti virus programs, i feel that its the malware defense virus, i ran a Hijack this log so i was hoping someone will interpurt it for me and tell me what to do...my computer is an HP pavilions desktop a1253w
 

More replies
Relevance 79.95%

Ok my Windows Server 2008 x64 the browser has been compromised every time i time to search for a page or if i directly type in a URL I get the following attachment named IE1.jpg
I have ran malwarebytes, NOD32 and Windows Defender to no avail. Please help below is also attached the HiJack this log.

Thank you in advance,

Brandon

Answer:Please Help, Browser Hijacked, Cannot pickup by virus malware scans

So I have ran just about every scan i could. I installed Firefox to see if it was just IE based but it is not Firefox is displaying the same thing. I cannot get to any online scanner because it redirects me.Hello brandonb138,We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.Thank you for understanding.Regards,The weatherman (Moderator)

3 more replies